Bug 1019888

Summary: vpnc: cisco-decrypt should be able to read the password from standard input
Product: [Fedora] Fedora
Component: vpnc
Version: rawhide
Status: NEW
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Keywords: FutureFeature
Type: Bug
Doc Type: Enhancement
Reporter: Florian Weimer <fweimer>
Assignee: Christian Krause <chkr>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: chkr, fschwarz, tmraz
Bug Blocks: 1019890

Description Florian Weimer 2013-10-16 15:04:23 UTC
The current approach based on the command line leaks the password to local users because it's (briefly) visible in /proc.
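
Added example, not part of the bug report and not vpnc or cisco-decrypt code: a hypothetical `read_hex_secret` helper that takes the obfuscated password from standard input instead of argv, so it never appears in /proc/<pid>/cmdline. It assumes the input is a single line of hexadecimal text; the function name and buffer sizes are illustrative.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Hypothetical helper, not vpnc code: read one line of hex from `in`
 * (normally stdin) and decode it into out[0..out_len). Returns the number
 * of bytes decoded, or -1 for empty, over-long, odd-length or non-hex input. */
int read_hex_secret(FILE *in, unsigned char *out, size_t out_len)
{
    char line[1024];
    volatile char *wipe = line;   /* volatile so the wipe is not optimised away */
    size_t n, i;
    int ret = -1;

    if (fgets(line, sizeof line, in) == NULL)
        return -1;
    n = strlen(line);
    if (n > 0 && line[n - 1] == '\n')
        line[--n] = '\0';
    else if (n == sizeof line - 1)
        goto done;                /* no newline and buffer full: input too long */
    if (n == 0 || n % 2 != 0 || n / 2 > out_len)
        goto done;
    for (i = 0; i < n; i += 2) {
        int hi = hexval((unsigned char)line[i]);
        int lo = hexval((unsigned char)line[i + 1]);
        if (hi < 0 || lo < 0)
            goto done;
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    ret = (int)(n / 2);
done:
    for (i = 0; i < sizeof line; i++)
        wipe[i] = 0;              /* do not leave the secret on the stack */
    return ret;
}

int main(void)
{
    unsigned char secret[512];
    int len = read_hex_secret(stdin, secret, sizeof secret);
    if (len < 0) { fprintf(stderr, "invalid input\n"); return 1; }
    printf("read %d bytes from stdin\n", len);
    return 0;
}
```

On a failed decode the caller should discard `out`, since it may hold partially decoded bytes.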

Comment 1 Felix Schwarz 2014-11-10 09:42:00 UTC
I just pushed a new vpnc version to updates-testing (for Fedora 20 and 21). I think your issue is still present there but maybe you can confirm that?

It sounds to me as if the feature you described is not present for the upstream code. If that's the case I'd like to encourage you to report the problem upstream as I'm a bit hesitant to add Fedora-only patches :-)

Comment 2 Florian Weimer 2014-11-10 10:09:31 UTC
I think upstream sort-of fixed this here:

“r545 | Antonio Borneo | 2014-02-18 06:09:52 +0100 (Tue, 18 Feb 2014) | 32 lines

support password helper”

It may still be difficult to integrate this with NetworkManager etc., but they can ship their own password helper program to solve this.

Comment 3 Florian Weimer 2014-11-10 10:10:56 UTC
Wait, no, cisco-decrypt is still unchanged.

Comment 4 Felix Schwarz 2014-11-10 10:18:18 UTC
So this means they have some kind of password helper support but not in cisco-decrypt? Would you mind posting your request on the upstream mailing list so at least some people might be aware of the problem?

Comment 5 Felix Schwarz 2014-11-10 10:19:42 UTC
Moving to rawhide as this bug isn't specific to F19 but a general enhancement.

Comment 6 Felix Schwarz 2014-11-12 22:27:18 UTC
Just for reference: question on upstream mailing list is http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2014-November/004136.html